public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: fix regression in Cisco AnyConnect VPN support (#1354588)
Date: Tue, 09 Jun 2026 12:43:48 GMT [thread overview]
Message-ID: <178100902809.1.1854256483110186831.rpms-openssl-9fc25c1d2897@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 9fc25c1d2897c4a1881efd8ecbb3ba44010bdae7
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2016-08-10T13:50:49+02:00
Stats : +18/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/9fc25c1d2897c4a1881efd8ecbb3ba44010bdae7?branch=rebase_40beta
Log:
fix regression in Cisco AnyConnect VPN support (#1354588)
---
diff --git a/openssl-1.0.2h-dtls-bad-ver.patch b/openssl-1.0.2h-dtls-bad-ver.patch
new file mode 100644
index 0000000..19fb577
--- /dev/null
+++ b/openssl-1.0.2h-dtls-bad-ver.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.0.2h/ssl/ssl_lib.c.dtls-bad-ver openssl-1.0.2h/ssl/ssl_lib.c
+--- openssl-1.0.2h/ssl/ssl_lib.c.dtls-bad-ver 2016-05-03 18:06:45.000000000 +0200
++++ openssl-1.0.2h/ssl/ssl_lib.c 2016-08-10 13:47:33.995530954 +0200
+@@ -1828,7 +1828,7 @@ int SSL_export_keying_material(SSL *s, u
+ const unsigned char *p, size_t plen,
+ int use_context)
+ {
+- if (s->version < TLS1_VERSION)
++ if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
+ return -1;
+
+ return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
diff --git a/openssl.spec b/openssl.spec
index 8a47df8..18121a8 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.2h
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -87,6 +87,7 @@ Patch96: openssl-1.0.2e-speed-doc.patch
Patch80: openssl-1.0.2e-wrap-pad.patch
Patch81: openssl-1.0.2a-padlock64.patch
Patch82: openssl-1.0.2h-trusted-first-doc.patch
+Patch83: openssl-1.0.2h-dtls-bad-ver.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -210,6 +211,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch80 -p1 -b .wrap
%patch81 -p1 -b .padlock64
%patch82 -p1 -b .trusted-first
+%patch83 -p1 -b .dtls-bad-ver
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
@@ -500,6 +502,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Wed Aug 10 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2h-3
+- fix regression in Cisco AnyConnect VPN support (#1354588)
+
* Mon Jun 27 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2h-2
- require libcrypto in libssl.pc (#1301301)
reply other threads:[~2026-06-09 12:43 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100902809.1.1854256483110186831.rpms-openssl-9fc25c1d2897@fedoraproject.org \
--to=tmraz@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox